Ubuntu 26.04 LTS Luanti Critical Remote Code Execution Issues USN-8366-1
ubuntu
June 2, 2026
Several security issues were fixed in Luanti.
Summary
Several security issues were fixed in Luanti.
Software Description:
- luanti: free and open-source voxel game engine
Details:
It was discovered that Luanti, when using LuaJIT, did not properly
enforce Lua sandbox restrictions. An attacker could possibly use
this issue to execute arbitrary code. (CVE-2026-40959)
It was discovered that Luanti did not properly restrict access to
insecure environments. An attacker could possibly use this issue to
obtain unintended access to the insecure environment or HTTP API.
(CVE-2026-40960)
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS luanti 5.10.0+dfsg-5+deb13u1build0.26.04.1 luanti-data 5.10.0+dfsg-5+deb13u1build0.26.04.1 luanti-server 5.10.0+dfsg-5+deb13u1build0.26.04.1 Ubuntu 25.10 luanti 5.10.0+dfsg-5+deb13u1build0.25.10.1 luanti-data 5.10.0+dfsg-5+deb13u1build0.25.10.1 luanti-server 5.10.0+dfsg-5+deb13u1build0.25.10.1 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-8366-1
CVE-2026-40959, CVE-2026-40960
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8366-1
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!